https://www.mdu.se/

Publications (10 of 14)
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Assessing Security, Capacity and Reachability of a Heterogeneous Industrial Network during Planning Phase. EAI Endorsed Transactions on Security and Safety, 16(7)
2016 (English). In: EAI Endorsed Transactions on Security and Safety, E-ISSN 2032-9393, Vol. 16, no 7. Article in journal (Refereed) Published
Abstract [en]

In an industrial plant, there is usually a mix of devices with different levels of security features and computation capabilities. If a mix of devices with various degrees of security features and capabilities communicate, the overall network dynamics with respect to security and network performance will be complex. A secure communication path with high latency and low bandwidth may not satisfy the operational requirements in a plant. Therefore, there is a need to assess the relation of security and network performance for overall plant operation. In this work we focus on identifying an optimal flow path between two devices in a multi-hop heterogeneous network. We propose a model and an algorithm to estimate and generate a network path identified by flow performance indicators of a heterogeneous communication network. Through an example, we show how the flow performance metrics change with security, capacity and reachability of the devices in the network.

National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-33069 (URN)
Available from: 2016-09-05. Created: 2016-09-05. Last updated: 2021-02-16. Bibliographically approved.
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Balancing Network Performance and Network Security in a Smart Grid Application. In: 14th International Conference on Industrial Informatics INDIN 2016. Paper presented at 14th IEEE International Conference on Industrial Informatics, INDIN 2016; Palais des Congres du Futuroscope, Poitiers; France; 19 July 2016 through 21 July 2016; Category number CFP16INI-ART; Code 126001 (pp. 618-624), jan, Article ID 7819235.
2016 (English). In: 14th International Conference on Industrial Informatics INDIN 2016, 2016, Vol. jan, p. 618-624, article id 7819235. Conference paper, Published paper (Refereed)
Abstract [en]

A key aspect of realizing the future smart grid communication solution is a balanced approach between the network performance and the network security during the network deployment. A high security communication flow path is not useful when the network path cannot support capacity and reachability requirements. The deployment phase in communication network can facilitate an optimal network path by focusing on both the network performance and the network security at the same time. In this paper, we describe a use case of smart grid application where security, network capacity and reachability need to be optimal for successful network operation. We explain our proposed balancing approach of the network performance and the network security which can be useful for the optimal smart grid secure system design.

Series
IEEE International Conference on Industrial Informatics (INDIN), ISSN 1935-4576
Keywords
Smart Grid, Network Assessment, Planning, Security, Network Performance
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-32872 (URN); 10.1109/INDIN.2016.7819235 (DOI); 000393551200094 (); 2-s2.0-85012867806 (Scopus ID); 9781509028702 (ISBN)
Conference
14th IEEE International Conference on Industrial Informatics, INDIN 2016; Palais des Congres du Futuroscope, Poitiers; France; 19 July 2016 through 21 July 2016; Category number CFP16INI-ART; Code 126001
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2016-08-31. Created: 2016-08-24. Last updated: 2018-07-26. Bibliographically approved.
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Employee Trust Based Industrial Device Deployment and Initial Key Establishment. International Journal of Network Security & Its Applications, 8(1), 21-44
2016 (English). In: International Journal of Network Security & Its Applications, ISSN 0975-2307, E-ISSN 0974-9330, Vol. 8, no 1, p. 21-44. Article in journal (Refereed) Published
Abstract [en]

An efficient key management system is required to support cryptography. Most key management systems use either pre-installed shared keys or install initial security parameters using out-of-band channels. These methods create an additional burden for engineers who manage the devices in industrial plants. Hence, device deployment in industrial plants becomes a challenging task in order to achieve security. In this work, we present a device deployment framework that can support key management using the existing trust towards employees in a plant. This approach reduces the access to initial security parameters by employees; rather it helps to bind the trust of the employee with device commissioning. Thus, this approach presents a unique solution to the device deployment problem. Further, through a proof-of-concept implementation and security analysis using the AVISPA tool, we present that our framework is feasible to implement and satisfies our security objectives.

Keywords
Key Distribution, Industrial Communication Security, Device deployment, Initial Trust, Device Authentication, AVISPA.
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-32808 (URN); 10.5121/ijnsa.2016.8102 (DOI)
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2016-08-25. Created: 2016-08-24. Last updated: 2017-11-28. Bibliographically approved.
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Future Research Challenges of Secure Heterogeneous Industrial Communication Networks. In: 2016 IEEE 21ST INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA). Paper presented at 21st IEEE Conference on Emerging Technologies and Factory Automation, OWL Univ Appl Sci, Fraunhofer IOSB INA, Berlin, GERMANY, Sep. 6-9, 2016.
2016 (English). In: 2016 IEEE 21ST INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA), 2016. Conference paper, Published paper (Refereed)
Abstract [en]

A growing concern of cyber threats towards industrial plants has prompted industrial practitioners to focus on secure communication solutions which can protect their systems from vulnerabilities as well as their brand image. The security concerns and the solutions for industrial communication networks have become well-discussed topics in research communities. Despite a huge research effort in the area of industrial communication network security, there are several issues that need to be addressed properly such that a unified security solution can be adopted in the industrial domain. In this article, we aim to outline the research direction for industrial communication security. Though security is considered as an on-going process, the major issues that still need to be addressed are trust management for heterogeneous networks, managing network performance with security requirements, usable security and key management.

National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-33068 (URN); 10.1109/ETFA.2016.7733732 (DOI); 000389524200236 (); 2-s2.0-84996558258 (Scopus ID); 978-1-5090-1314-2 (ISBN)
Conference
21st IEEE Conference on Emerging Technologies and Factory Automation, OWL Univ Appl Sci, Fraunhofer IOSB INA, Berlin, GERMANY, Sep. 6-9, 2016
Available from: 2016-09-05. Created: 2016-09-05. Last updated: 2018-02-27. Bibliographically approved.
Fotouhi, H., Vahabi, M., Ray, A. & Björkman, M. (2016). SDN-TAP: An SDN-based Traffic Aware Protocol for Wireless Sensor Networks. In: 18th International Conference on e-Health Networking, Applications and Services Healthcom'16. Paper presented at 18th International Conference on e-Health Networking, Applications and Services Healthcom'16, 14-17 Sep 2016, Munich, Germany. Article ID 7749527.
2016 (English). In: 18th International Conference on e-Health Networking, Applications and Services Healthcom'16, 2016, article id 7749527. Conference paper, Published paper (Refereed)
Abstract [en]

Congestion control is a challenging issue in wireless sensor networks with limited channel bandwidth. Thus, many protocols have been designed to provide a distributed traffic control during packet forwarding. However, all these approaches are applied to single-hop communication networks, ignoring the multi-hop restrictions. In this work, we take advantage of software defined networking paradigm by devising a controller node in such a way that it collects all the necessary information from wireless sensor network nodes. Thus, based on hop count and local traffic information, controller decides for possible flow path changes to evenly distribute the traffic. The evaluations revealed that the SDN-TAP outperforms conventional routing protocols by reducing packet loss rate up to 46%.

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-32889 (URN); 10.1109/HealthCom.2016.7749527 (DOI); 000391459700110 (); 2-s2.0-85006379991 (Scopus ID); 9781509033706 (ISBN)
Conference
18th International Conference on e-Health Networking, Applications and Services Healthcom'16, 14-17 Sep 2016, Munich, Germany
Projects
READY - Research Environment for Advancing Low Latency Internet
Available from: 2016-08-29. Created: 2016-08-24. Last updated: 2022-11-09. Bibliographically approved.
Ray, A., Åkerberg, J., Björkman, M., Blom, R. & Gidlund, M. (2015). Applicability of LTE Public Key Infrastructure based device authentication in Industrial Plants. In: Proceedings - International Computer Software and Applications Conference, Volume 2. Paper presented at The 39th Annual International Computers, Software & Applications Conference COMPSAC'15, 1-5 Jul 2015, Taichung, Taiwan (pp. 510-515).
2015 (English). In: Proceedings - International Computer Software and Applications Conference, Volume 2, 2015, p. 510-515. Conference paper, Published paper (Refereed)
Abstract [en]

The security in industrial automation domain using cryptography mechanisms is being discussed in both industry and academia. An efficient key management system is required to support cryptography for both symmetric key and public/private key encryption. The key management should ensure that the device is verified before distributing the initial key parameters to devices. The software/firmware used in the device comes from manufacturers, therefore the initial authenticity of the device can be easily verified with the help of manufacturers. Mobile telecommunication is an industrial segment where wireless devices are being used for a long time and the security of the wireless device management has been considered through a standard driven approach. Therefore, it is interesting to analyse the security authentication mechanisms used in mobile communication, specified in Long-Term-Evolution (LTE) standard. This paper analyses the initial device authentication using public key infrastructure in LTE standard, and discusses if, where and how the studied solutions can be tailored for device authenticity verification in industrial plant automation systems.

National Category
Engineering and Technology Computer Systems
Identifiers
urn:nbn:se:mdh:diva-29233 (URN); 10.1109/COMPSAC.2015.61 (DOI); 000380584300070 (); 2-s2.0-84962148518 (Scopus ID); 978-1-4673-6563-5 (ISBN)
Conference
The 39th Annual International Computers, Software & Applications Conference COMPSAC'15, 1-5 Jul 2015, Taichung, Taiwan
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2015-10-06. Created: 2015-09-29. Last updated: 2017-05-29. Bibliographically approved.
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2015). POSTER: An approach to Assess Security, Capacity and Reachability for Heterogeneous Industrial Networks. In: 11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15. Paper presented at 11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15, 26-29 Oct 2015, DALLAS, United States.
2015 (English). In: 11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15, 2015. Conference paper, Published paper (Refereed)
Abstract [en]

Industrial plants are heterogeneous networks with different computation and communication capabilities along with different security properties. The optimal operation of a plant requires a balance between communication capabilities and security features. A secure communication data flow with high latency and low bandwidth does not provide the required efficiency in a plant. Therefore, we focus on assessing the relation of security, capacity and timeliness properties of an industrial network for overall network performance.

Series
Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, ISSN 1867-8211
Keywords
Security Modeling, Network Assessment, Routing, Path Planning
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-29638 (URN); 10.1007/978-3-319-28865-9_34 (DOI); 2-s2.0-84958093668 (Scopus ID)
Conference
11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15, 26-29 Oct 2015, DALLAS, United States
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems; Embedded Systems - Adjungerad lektor Johan Åkerberg
Available from: 2015-12-11. Created: 2015-11-26. Last updated: 2016-03-03. Bibliographically approved.
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2015). Towards Security Assurance for Heterogeneous Industrial Networks. In: IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society. Paper presented at 41st Annual Conference of the IEEE Industrial Electronics Society, IECON 2015; Pacifico Yokohama, Yokohama; Japan; 9 November 2015 through 12 November 2015; Category number CFP15IEC-ART; Code 119153 (pp. 4488-4493). Article ID 7392799.
2015 (English). In: IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society, 2015, p. 4488-4493, article id 7392799. Conference paper, Published paper (Refereed)
Abstract [en]

Industrial networks have a mix of devices with different security properties. If a mix of devices with various degrees of security features and capabilities communicate, the overall network dynamics with respect to device trust and security of message exchange will be complex. Therefore, there is a need to understand the trust and risk probabilities of devices in a heterogeneous network. This is required for heterogeneous network where the network configuration has to be made based on how trustworthy they are. In this work we focus on assessing security risks for devices and message exchanges. We define the term assurance value to denote the resilience of a device to security attacks. We study the behavior of a communication network when devices with various degrees of security features exchange messages. We aim to identify the network security properties based on the network architecture. From the study, we propose a model to estimate and predict network security properties in a heterogeneous communication network.

Keywords
Security Modeling, Network Assessment, Assurance Value, Risk Computation
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-29639 (URN); 10.1109/IECON.2015.7392799 (DOI); 000382950704078 (); 2-s2.0-84973125369 (Scopus ID)
Conference
41st Annual Conference of the IEEE Industrial Electronics Society, IECON 2015; Pacifico Yokohama, Yokohama; Japan; 9 November 2015 through 12 November 2015; Category number CFP15IEC-ART; Code 119153
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems; Embedded Systems - Adjungerad lektor Johan Åkerberg
Available from: 2015-12-10. Created: 2015-11-26. Last updated: 2017-05-29. Bibliographically approved.
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2015). Towards Trustworthiness Assessment of Industrial Heterogeneous Networks. In: 20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15. Paper presented at 20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15, 8-11 Sep 2015, Luxemburg, Luxemburg. Institute of Electrical and Electronics Engineers Inc.
2015 (English). In: 20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15, Institute of Electrical and Electronics Engineers Inc., 2015. Conference paper, Published paper (Refereed)
Abstract [en]

In industrial plants, there is a mix of devices with different security features and capabilities. If there is a mix of devices with various degrees of security levels, then this will create independent islands in a network with similar levels of security features. However, the industrial plant is interconnected for the purpose of reducing cost of monitoring with a centralized control center. Therefore, the different islands also need to communicate with each other to improve the asset management efficiency in a plant. In this work we aim to focus on the trustworthiness assessment of devices in industrial plant networks in terms of node value. We study the behavior of industrial plant networks when devices with various degrees of security features communicate. We aim to identify network properties which influence the overall network behavior. From the study, we have found that the communication path, the order of different communication paths and the number of specific types of nodes affect the final trustworthiness of devices in the network.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2015
Series
IEEE International Conference on Emerging Technologies and Factory Automation, ETFA, ISSN 1946-0740
Keywords
Industrial Communication Security, Security Modeling, Network Analysis, Device Trust
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-30028 (URN); 10.1109/ETFA.2015.7301548 (DOI); 000378564800149 (); 2-s2.0-84952905864 (Scopus ID); 9781467379304 (ISBN)
Conference
20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15, 8-11 Sep 2015, Luxemburg, Luxemburg
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2015-12-19. Created: 2015-12-18. Last updated: 2016-07-28. Bibliographically approved.
Ray, A. (2014). Initial Trust Establishment for Heterogeneous Industrial Communication Networks. (Licentiate dissertation). Västerås: Mälardalen University
2014 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The severity of cyber threats towards existing and future industrial systems has resulted in an increase of security awareness in the industrial automation domain. Compared to traditional information security, industrial communication systems have different performance and reliability requirements. The safety and availability requirements can also sometimes conflict with the system security design of plants. For instance, it is not acceptable to create a secure system which may take up additional time to establish security and as a consequence disrupt the production in plants. Similarly, a system which requires authentication and authorization procedures before any emergency action may not be suitable in industrial plants.

Therefore, there is a need for improvement of the security workflow in industrial plants, so that the security can be realized in practice. This also leads to the requirement of secure device deployment and secure data communication inside the industrial plants. In this thesis, the focus is on the initial trust establishment in industrial devices. The initial trust establishment is the starting point for enabling a secure communication infrastructure. Reusability analysis with financial sectors has been considered as the reuse of security solutions from this adjacent application domain can be a simple and an effective way to achieve the desired system security. Through this analysis, the reusability features have been identified and workflows have been proposed which can be used to bootstrap initial trust in the industrial process control devices and manage security workflow. A proof-of-concept implementation to prove the feasibility of the device deployment workflow has also been provided.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2014
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 175
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-24945 (URN); 978-91-7485-149-6 (ISBN)
Presentation
2014-06-16, Kappa, Mälardalens högskola, Västerås, 13:15 (English)
Available from: 2014-04-30. Created: 2014-04-30. Last updated: 2014-05-22. Bibliographically approved.
Identifiers
ORCID iD: orcid.org/0000-0002-5361-2196